In this episode of the HIPAA Vault Show, join Adam, Gil & Taryn as they delve into a critical security breach that has put thousands of WordPress sites at risk. But that’s not all! We’re also excited to introduce the HIPAA Compliance for WordPress Masterclass. For a limited time, get exclusive access to this $297 value masterclass for FREE. This comprehensive course covers everything from the importance of selecting secure WordPress themes and plugins to mastering HIPAA-compliant hosting on the Google Cloud Platform. Whether you’re a seasoned webmaster or new to WordPress, this masterclass is packed with invaluable insights and practical steps to fortify your site’s security and compliance with HIPAA regulations.

Transcript:


Adam
Hello and welcome to the HIPAA Vault show where we discuss all things HIPAA compliance in the cloud. My name is Adam Zeineddine and I’m joined by Gil Vidals, the CTO and founder of HIPAA Vault. Hey Gil. 


Gil
Hey Adam, good to see you. And looking forward to recording this one. 


Adam
Looking forward to it too. And we’re also joined by a special guest for today, our sales and marketing coordinator, the very talented Taryn. How you doing, Taryn? 


Taryn
Hi Adam, I’m good, how are you doing? 


Adam
Well, thanks. So we’re going to get stuck into it today. We are going to be talking about our WordPress masterclass for HIPAA compliance and Taryn’s going to be sharing a bunch of information on that. But first up, we got the breach of the week. And our breach of the week is thousands of WordPress sites facing malware infection following major plugin hack. The details of this came out a couple of days ago and essentially over 3000 WordPress websites were recently compromised due to a delayed patch of a known vulnerability in a plugin called Popup Builder. The Sucuri and PublicWWW researchers discovered that threat actors exploited this vulnerability to redirect visitors to malicious websites. And then Sucuri recommends, to secure their websites, webmasters are advised to promptly update the Popup Builder plugin, analyze their site’s code for malicious entries, scan for hidden backdoors, and block specific malicious domains associated with this attack. And they also say that the incident underscores the ongoing risk of vulnerabilities in third-party WordPress plugins and themes. Gil, I know we talk about this a lot. What do you think of the recommendations there in terms of securing websites? And do you have anything to add on that?


Gil
Yeah, the plugins are typically the culprit. By that I mean that the WordPress core is usually pretty secure, especially if you keep up to date with it and make sure you apply the security patches. But the plugins, there’s just so many plugins that it’s hard for the audience that’s listening to us that has WordPress like, well, what if you’re using 20 or 30 plugins, you know, becomes a feat to try to keep up with all of them. And so inevitably what happens is there’s one plugin that starts to age and it has a vulnerability. People don’t pay attention to it like what happened here. And then thousands of websites are compromised because of these weak plugins. So that’s something that HIPAA Vault does. We maintain awareness of those plugins. We let our customers know if plugins should be updated. So yeah, that’s super important.


Gil
I would say that’s one of the most important things with WordPress. Just get those plugins to a minimal number. Don’t have 50 of them. You try to keep the number smaller if you can and then make sure they’re updated. And also really important, make sure you’re paying for the plugins. By that I mean some people might be surprised. What do you mean pay for it? If I get it for free, why would I pay for it? Well, it’s really important in a HIPAA environment that you pay for it because that’s how you get the updates. If you get the free version, then either you don’t get any updates or you’re always behind two or three versions because that’s the advantage of buying for the premium version and support as well. Right, and support. And you get support. 


Gil
So in the HIPAA context, you got to pay for these things. That’s just part of the cost of doing business in the HIPAA world. 


Adam
Yeah, and we’ll share a link to that report as well in the description below. All right, so moving on to our main topic for today, the HIPAA Compliance for WordPress Masterclass. Taryn, I know you’ve been heavily involved in setting this up. Tell us a little bit about the HIPAA WordPress masterclass. I understand it’s free right now, valued at $297 usually, but free for a limited time, right?


Taryn
Yes, Adam, that’s correct. So right now HIPAA Vault is offering the masterclass completely for free, no charge, just to see how people like it, to get some engagement and get some people interested. And then eventually we’ll move forward with making it a paid membership. So definitely take advantage of that as soon as you can.


Adam
That’s fantastic. Who’s it aimed at, would you say? 


Taryn
That’s a great question. So it’s aimed specifically towards developers, but it is designed keeping in mind that there are going to be healthcare practitioners and also IT administrators who don’t typically do the backend development for WordPress websites who might be interested in this masterclass. 


Adam
Yeah, I know that we’ve been working on this for quite a while now, so excited that it finally has launched. And how’s the response been? 


Taryn
It’s been great. We’ve had quite a few people sign up for it and quite a couple who have completed the entire masterclass and gotten their certificate. 


Adam
Oh yeah, I was going to ask about that. So they get a certificate of completion, right? 


Taryn
That’s correct. And they can share that with anyone that they want to put it on their website, put it in their list of certifications. 


Adam
That’s great. So what does it look like? Can you give us a brief snapshot or just a brief glimpse of what it looks like? 


Taryn
Yeah, of course. So here I will share my screen so that I can show you. All right, so after someone signs up for the Masterclass, they will receive a confirmation email in their inbox which will provide them with the login details. So once they log in, this is what they’ll see. So you can read the quick description that goes over what the Masterclass will review our different modules. It does come with five different modules which you can see all down here. And you can also see that one of our wonderful hosts of the HIPAA Vault show is the instructor for the class as well. So in order to take the class, you can either click on start course over here, or you can choose a specific module or a specific quiz if you want to go give that a try before doing the modules. 


Taryn
If you are a learner like I am, and you like to see the questions first and then go through the class, then you can certainly do it that way as well. So just to quickly click on start course, it’ll take you to the first video. Every single video has a description and a full transcript that you can read over if you need to take any notes. And once the video is complete, then you can just click this at the bottom, “Mark as complete.” As you can see right now, there’s no cheating. I haven’t watched the full video, so I can’t click on it just yet. But once I’ve completed that, then I can move on to the quiz, take that, and keep moving on through the modules until I have completed quiz five.


Adam
That’s great. Gil, do you have any comments on the aim of the masterclass? I know Taryn mentioned that it’s mainly aimed at developers and then potentially healthcare website owners.


Gil
Well, I do know that there are many developers, or just many people in general that like to do things themselves. They just want to do it and they don’t want to go to another company to have them do it on their behalf. You know how things go in life. People are busy. So once you get into it and you feel like, hey, this is just a lot more work than I thought, you know, you can always meet with Adam and schedule a time with you, go over what it would cost for HIPAA Vault to do it for you. And that’s a big advantage because that way you could just focus on your core competency in your website instead of trying to do all the HIPAA compliance work. And it doesn’t, and the other thing I want to emphasize, it doesn’t go away.


Gil
It’s not like you do this once. Oh, good. Done. You know, done one and done, as they say. Instead, you’ve got to continually be doing this kind of work because things are changing in the tech world all the time. 


Adam
Yeah. And in terms of response, I’ve received feedback, great feedback, from developers that have completed the course. And the feedback is that, you know, often they have, they’re dealing face to face with the healthcare website owner, right. And they struggle often to explain, you know, what goes into making the website HIPAA compliant. And so it’s really helpful to give them that information that they need to, you know, explain properly to the healthcare website owner what the undertaking is to make the website HIPAA compliant. So kudos to everyone and kudos to the team on getting that through. Taryn, could you also tell us a little bit about the newsletter? I was going to say newsletter, but it’s been going for a while now. Could you tell us a little bit about that? 


Taryn
Yeah, sure. So our HIPAA Insights newsletter has been going on for a couple months. However, we have just started sending it out on a weekly basis since we just have so much information that we want to share with our clients and with our prospective customers. So every week we send out just some quick company updates for anyone who wants to read up on that, if we have any software changes going on or we recently changed our address, which we sent out. And then it also includes some news on security breaches that have been happening recently, as well as some information on our podcast episodes. So for anyone who’s listening who sometimes misses an episode, those are included in the HIPAA Insights newsletters, as well as frequently asked questions that we get throughout the week. 


Taryn
So we find that a lot of our clients have the same questions and so we send that out just in case it might be going on in your mind or it might come up later. As well as that, we also do little highlights on some of our new clients and just any other information that’s come up that week. Really. The world of HIPAA is a very busy world, so there’s always something going on. 


Adam
Yeah, you and the team have been doing a great job at putting out really important content on the newsletter. So if you’re a listener, viewer, if you’re an existing customer of HIPAA Vault, or if you’re just someone that’s really interested in learning more and keeping up to date with the latest in HIPAA compliance, then the newsletter is a great source, and we’ll link in the description to how you can sign up for the newsletter, and then also how you can sign up for the HIPAA WordPress for masterclass course. And as always, if you would like to reach out to us with any questions, you can reach out direct to the podcastipplebot.com, and we’d be happy to answer them. Any closing thoughts?


Gil
Don’t get discouraged because there are so many bad actors and negative news. You know, every day there’s some other company that got fined by the OCR office because they let it breach through, and then it seems daunting, right? Ransomware, they lock all your computers and what do you do? You can’t offer patient care if your key platforms are locked down, so it seems very discouraging. But in the end, if you are persistent and you are consistent, you will have success in locking things down, ensuring that the bad actors don’t get in. So keep going. 


Adam
Yeah, very wise words there. Well, thanks for tuning in. Thanks for listening. And until next time, thanks for stopping by.